The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance“) on 18 March 2024.
The ICO oversees compliance with the UK data protection law, including the Data Protection Act 2018 (the “Act”) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (the “UK GDPR”) (together, the “UK Data Protection Law”). The Act empowers the ICO to issue penalty notices for breaches of the UK Data Protection Law, with the maximum amount being the higher of £17,500,000 or 4% of the concerned undertaking’s total worldwide turnover.